Navy tests plug-in security

The Navy recently demonstrated how a new breed of firewall technology could be used to shore up computer security aboard ships.

By deploying firewall technology embedded on PC network cards, participants in the warfighting exercise enforced security policies across disparate servers located on ships in the Seventh Fleet, based out of Yokosuka, Japan.

Fleet Battle Experiment Kilo (FBE-K), which ran from April 14 through May 5, was the 11th in the series of fleet battle experiments. It was conducted concurrently with Exercise Tandem Thrust 2003, a U.S. Pacific Command-sponsored exercise focusing on deliberate and crisis action planning and execution in a joint task force environment.

Executed by the Navy Warfare Development Command, the experiments are intended to test and evaluate specific initiatives and their roles in potential future combat scenarios.

Led by the Seventh Fleet, FBE-K was designed to develop and refine processes supporting joint command and control from the sea for future joint operations.

"There were a series of areas of evaluation [in the experiment], including information operations and defensive information operations," said Navy Cmdr. Jeff White, an information warfare officer with the Navy Warfare Development Command. "Computer network defense and the information assurance piece of that play a significant role within the Navy because you need both for a battle force commander to fight effectively."

So White's organization, supported by a team of Navy and commercial organizations, deployed the Defense Advanced Research Projects Agency's embedded firewall, which is based on technology co-developed by 3Com Corp. and Secure Computing Corp. Using firewall technology embedded into 3Com's Network Interface Cards, information technology security staff can prevent unauthorized access to network servers, desktop PCs and notebooks from inside and outside a network.

From a policy server, IT staff can centrally manage systems equipped with 3Com PCI cards individually or in groups, setting policies to control network access, prevent intrusions and detect attacks. The PCI card technology played a vital role in securing systems in the fleet through a wireless, satellite-based connection.

"We fully supported and fielded the technology to provide a level of defense from the endpoint client," said Doreen Ryder, a BBN Technologies employee who represented the DARPA team during FBE-K. "We protect the network from anything that a common adversary might run against a machine. Embedded firewalls protect against attacks on an endpoint [Microsoft Corp. Windows server] rather than at the routers or switches or other hardware levels."

Ryder said the team was able to remotely enforce policies from USS Blue Ridge — the command ship of the fleet — to USS Vincennes, located about 1,500 nautical miles away. The point, she said, was to prove the concept of remotely controlling the server from one ship to another via a satellite connection and using legacy machines.

An earlier version of the technology was first used in FBE-India in 2001 and expanded in 2002's experiment, Juliet. During Juliet, seven network cards were deployed, one at the policy server level and six to the clients. During FBE-K, "we used 150 cards because we had to determine how it would scale," White said. "It can theoretically go up to 3,000 client/server hosts."

***

Embedding firewalls

The recent conflict in Iraq made "embedded reporters" a household phrase. A less well-known concept that will play a vital role in future conflicts is the embedded firewall, which involves integrating security functions such as access control onto hardware devices.

In the case of the Defense Advanced Research Projects Agency's embedded firewall used in the Navy's most recent Fleet Battle Experiment, that meant installing policy servers on the fleet command ship that could centrally manage Microsoft Corp. Windows-based servers equipped with 3Com Corp. Network Interface Cards with built-in firewall functions.

Information technology staff could then set policies to control network access, prevent intrusions on networked servers and remote client machines, and automate filtering to block cyberattacks.
